Wednesday, December 1, 2010

Importing as a python library

In case you were wondering, it *IS* possible to import jsunpack-n from your own python programs. The benefits include:
1) greater control of the options (that you'd normally specify on the command line or in the configuration file)
2) control of the output in their native data structures (no more $ ./ file|grep -E "suspicious|malicious" >> readme.log)

Check out the new script, now available in the project's google code svn site.

If you review the main code for the script, you will see that it defines a function that allows you to directly pass JavaScript... for example:
main('eval("var a=123;");')

Then you can see these loops in the main function:

        for type,hash,data in js.rooturl[url].files:
print 'file type=%s, hash=%s, data=%d bytes' % (type,hash,len(data))
for printable,impact,msg in js.rooturl[url].msg:
print 'output message printable=%d, impact=%d, msg=%s' % (printable,impact,msg)

The point of this post is to show you that you can directly access these files and perform decoding using as a python library. If you need examples for how to operate on more than just JavaScript as the shows, then try looking at the main function of, and you'll see how I process the various different types of input.


No comments:

Post a Comment